The newer functional safety standards are intended to encourage designers to focus on the functions that are necessary to reduce each individual risk and what performance is required for each, rather than simply relying on particular components. These standards make it possible to achieve greater levels of safety throughout the machine’s life. Their creation was also due to the increasing complexities of modern machine control systems that were not adequately dealt with in EN 954-1 and take into account the reliability of the safety circuit components and its ability to detect/diagnose faults and reject common cause failure.
The two standards have different terms for functional safety levels of a circuit. EN 62061 uses three Safety Integrity Levels (SILs) while EN ISO 13849-1 has five Performance Levels (PLs). Unless a machine specific type-C standard specifies a target SIL or PL, the designer is free to choose which of the two standards to use. However, it should be pointed out that whichever standard is chosen, it must be used in its entirety and the two cannot be mixed in a single system.
Both standards have strengths and weaknesses, but EN ISO 13849-1 is generally considered to be easier to use by designers who are more familiar with the old Categories of EN 954-1. Like its predecessor, the ISO standard has a simple-looking ‘risk graph’ to determine the required performance level (PL) of the individual safety functions. This means that safety functions can be assigned to the appropriate architecture to deal with each individual risk.
The PL is made up of system architecture (which users of EN 954-1 will recognise as B, 1, 2, 3 and 4), but also Mean Time to Dangerous Failure (MTTFd) and Diagnostic Coverage (DC). A major benefit of this is that it is possible to use simpler circuitry as long as high reliability components, or components with higher MTTFd figures, are used. This is a consequence of the fact the five Performance Levels (PLs) associated with EN ISO 13849-1 are bands of values rather than discrete categories.
The advantage that EN ISO 13849-1 has over the old standard is that it can make safety more cost effective for designers, allowing them to design safety circuits using fewer, but higher reliability components. For example, with the new standard a PLd can be achieved using a category 2 single channel with higher reliability components or category 3 dual channel architecture with lower reliability components, giving the designer more choice.
To support the EN ISO standard, BGIA, the German Institute for Occupational Health, has developed SISTEMA, a free-to-download software utility that developers and testers can use to evaluate the safety of the machine in the context of the standard. The tool permits the designer to model the structure of the safety –related control components based on the designated architectures of the standard, permitting automated calculation of the reliability values with various levels of detail, including that of the attained PL.
Using SISTEMA, relevant risk parameters are entered step-by-step into input dialogs. Each parameter change is reflected immediately on the user interface together with its impact on the whole system.
Schneider Electric publishes software libraries for its safety components, which contain the relevant reliability data, such as MTTFd. This can be imported into SISTEMA, thus avoiding time-consuming consultation of tables and calculation of formulae and allowing the final results to be printed out in a summary document.
The new standards are explained in a Safe Machines Handbook published by Schneider Electric, which can be downloaded from http://www.schneider-electric.co.uk/ where a link to the SISTEMA software can also be found.
Dave Collier is product marketing manager at Schneider Electric